GitOps vs DevOps: Differences and Why They are Better Together

Understand the GitOps vs DevOps discussion - what is GitOps, how it is different than DevOps, and how GitOps helps DevOps teams solve deployment challenges.

What is DevOps?

DevOps is an approach that combines development (Dev) with operations (Ops) to facilitate collaborative work. 

It is a cultural change that requires building trust and cohesion between Dev and Ops collaborators. It also requires aligning technological projects to business requirements. 

DevOps typically involves adopting iterative development techniques, programmable infrastructure management, and automation. 

What is GitOps?

GitOps is an approach that enables developers to automate infrastructure and manage it alongside their codebase.

GitOps involves using Git to manage infrastructure and application configurations. Git is an open source version control system that serves as a single source of truth for declarative infrastructure and applications.

GitOps employs Git pull requests to manage infrastructure automatically and the Git repository stores a visible changelog of the system’s state.

This is part of our series of articles about DevSecOps.

In this article:

How is GitOps Different from DevOps?

GitOps is a practice that helps manage software development and infrastructure provisioning through Git-based repositories. It enables developers to store the desired state of the infrastructure. DevOps is a culture that may or may not implement GitOps.

DevOps is a culture that helps break silos and embrace collaboration and shared responsibility to increase the velocity of software development. It typically involves implementing various technical and cultural practices to facilitate better collaboration, communication, and automation.

Both GitOps and DevOps employ a version control system (Git) for the resource management aspect of operations. The two approaches implement existing infrastructure as code (IaC) processes, code reviews, version control, and continuous integration and continuous delivery (CI/CD) pipelines. However, the two differ in scope. 

DevOps teams typically use reliable workflows, like GitOps, to improve collaboration, keep track of changes, and increase efficiency. However, GitOps is an optional practice that a DevOps team is not required to incorporate into the process. It means GitOps is a narrower practice, while DevOps has a greater scope that incorporates all aspects of the development lifecycle.

Here is a summary of the key differences between GitOps and DevOps:

A techniqueA culture
GitOps relies on GitDevOps allows using various CI/CD pipelines without being tied to a specific tool
You can use GitOps with Kubernetes, IaC, and various CI/CD pipelines.You can use DevOps with various tools, including Cloud Configuration as Code and supply chain management
GitOps aims to achieve rapid development and minimize reliance on complex scriptsDevOps strives to achieve automation and frequent deployments
GitOps loosens the restrictions between development and operations sequencesDevOps pipelines maintain separate steps for development and separate steps for operations

Related content: Read our guide to infrastructure as code (IaC)

Advantages of DevOps with GitOps

Before GitOps, a DevOps pipeline in Kubernetes involved the following steps:

  1. Developer commits code to a repo. This could be a container image specification or declarative configuration such as a YAML file or Helm chart.
  2. The CI server performs the build, parsing the image specification and creating the image.
  3. The CI server pushes the new image into an image repository.
  4. An automated continuous delivery (CD) tool deploys the configuration directly into the Kubernetes cluster, usually via scripted kubectl commands.

What Are the Challenges in the Traditional DevOps Process?

  • If a container image contained bugs, there is no easy way to roll back to a previous version of the application.
  • If a manifest performs unexpected operations—for example, deleting pods—again there is no simple way to roll back to the previous configuration.
  • It is possible to re-run the deployment but this is resource-intensive, and will not necessarily revert the cluster to a clear state.
  • If there is a security compromise—for example, attackers have taken over the CI/CD system, they now have complete control over the Kubernetes cluster.

How Does it Work with GitOps?

  1. Developer commits code to repo
  2. CI server builds the new version of the code and creates the image
  3. CI server pushes the image to a repo
    (up until now the process is the same as in a traditional environment)
  4. A GitOps agent deployed in the cluster identifies the change and automatically makes the necessary changes in the cluster. There is no direct connection between the CI system and the Kubernetes cluster.

Now, if a change made to a container image or a manifest was undesirable—for example, because it contained a bug or was performed by a bad actor—it is possible to immediately revert to the last good configuration in the git repository. Git becomes the single source of truth for application and environment state. And, importantly for security, permission to access CI systems becomes separate from permission to access CD systems.

GitOps with Kubernetes

GitOps involves treating infrastructure and software components as files stored in a version control system. It incorporates an automated process that synchronizes the state between the version control system and your runtime environment. 

Kubernetes is an orchestration platform you can use to manage infrastructure. It supports declarative APIs and provides the backend framework and controller patterns needed to implement them. 

Kubernetes uses the concept of immutability, ensuring that APIs cannot modify resources in the environment. It allows APIs only to declare how to instantiate new resources. APIs cannot modify a container image but leave the pod unchanged. 

Every API request expects the deployment of a full manifest of the resources. As a result, Kubernetes users must use a declarative approach, which requires a place to store all declarative configurations. You can use Git repositories to store these specifications and transition to GitOps as a delivery method for deploying manifests from Git.

How GitOps Improves the DevOps Process

What is evident from this discussion is that GitOps does not replace DevOps. There is still a full CI process that needs to be done by traditional DevOps tools. GitOps makes the DevOps team’s work easier by simplifying continuous delivery/deployment of new software artifacts to a Kubernetes cluster.

Since GitOps uses Kubernetes-native mechanisms and commands, and is based on source code principles that are familiar to all developers, it doesn’t require teams to learn a new tool or technique. Therefore, GitOps can improve and accelerate DevOps practices in modern Kubernetes environments.

The Cloud Native Experts
"The Cloud Native Experts" at Aqua Security specialize in cloud technology and cybersecurity. They focus on advancing cloud-native applications, offering insights into containers, Kubernetes, and cloud infrastructure. Their work revolves around enhancing security in cloud environments and developing solutions to new challenges.